Most Organizations Now Need Direct Access to Better Threat Intelligence

There’s not much IT security professionals can do to prevent cybercriminals from launching attacks in the first place. That means the name of the IT security game is to reduce the mean time to detection (MTTD) as part of a larger effort to reduce the mean time to response (MTTR).

Unfortunately, too many IT organizations are still thinking about MTTD in terms of detection of malware at some point after it lands on their systems. IT security would be a whole lot better for all concerned if organizations started thinking about MTTD in terms of detecting malware when it first appears in the wild. The good news is that threat intelligence services are getting better at detecting these threats. Most IT security vendors subscribe to multiple IT threat intelligence services. Most of them also responsibly share research about potential threats with each other. But IT organizations would be well advised to develop their own threat intelligence capabilities. After all, to be forewarned is to be forearmed.

The primary reason IT organizations should implement some form of cybersecurity intelligence is that the attacks are getting more targeted. Shadow Brokers, the cybercriminals credited with developing the WannaCry ransomware exploit using tools stolen from the National Security Agency (NSA) in the U.S., announced it plans to unfurl a subscription service through which it will provide any interested party with exploits and tools for roughly $23,000 a month. Obviously, Shadow Brokers will have to keep delivering a steady stream of security exploits to deliver a return on that business model. The trouble is that a separate report suggests that Shadow Brokers might have no trouble accomplishing that goal. OWL Security recently announced that it indexed 24,000 domains on the darknet as part of an effort to discover which organizations are most commonly cited on a part of the Internet where cybercriminals share tools and intelligence. The report concluded that every single Fortune 500 company has a digital footprint on the darknet. That would suggest that cybercriminals are actively working on more targeted exploits.

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.